NTT DOCOMO GLOBAL has announced a strategic three-way collaboration with Accenture and Amazon Web Services (AWS) aimed at solving a critical bottleneck in corporate artificial intelligence adoption: the lack of standardized oversight for autonomous AI agents.

The partnership centers on expanding DOCOMO GLOBAL’s existing Universal Wallet Infrastructure (UWI)—an open-standard interaction layer previously co-developed with Accenture to manage decentralized digital identities, money, and assets. Under the new initiative, the tech trio will adapt UWI to serve as a standardized "trust architecture" capable of verifying, governing, and auditing autonomous AI workflows.

The Shift to "Agentic" Risk

As corporate AI transitions from experimental pilots to continuous, multi-system automation—particularly in software development—enterprises face unprecedented security and compliance hurdles. Traditional software supply chain governance tools are ill-equipped to track continuous, machine-led code modifications.

The expanded UWI platform seeks to address this by establishing clear parameters for:

• Provenance: Identifying precisely which AI agent performed an action.
• Authorization: Verification of whether the agent possessed the appropriate operational credentials.
• Auditability: Documenting the underlying data and decision-making logic the agent relied on.

Division of Labor and Market Execution

The initiative leverages complementary capabilities from each stakeholder to bridge the gap between isolated AI testing and production-scale enterprise deployment:

• NTT DOCOMO GLOBAL will provide the core infrastructure layer via UWI, using open-standard verifiable credentials to authenticate interactions across human users, legacy systems, and autonomous agents.
• Accenture will drive the overarching technology strategy, product engineering, and decentralized digital identity integration, leading execution and market scaling.
• AWS will supply the cloud infrastructure and serverless execution environments, notably via tools like Amazon Bedrock AgentCore, to safely host and scale autonomous workflows.

To drive commercial adoption, the companies have committed to joint market rollouts, including technical solution showcases and customer workshops.

First Milestone: Technical Whitepaper

Marking the alliance's first technical deliverable, the firms have co-authored a whitepaper detailing reference architectures that imbed Software Bills of Materials (SBOMs) and agent identity directly into development pipelines. According to executive commentary from the participants, embedding these compliance controls natively from design—rather than applying them retrospectively—is now viewed as a hard precondition for enterprises looking to scale AI safely in regulated environments. A deep dive into the technical whitepaper follows.

Strategic Framework: Implementing the Agentic Trust Layer for Enterprise AI Governance

1. The Strategic Imperative: Beyond Model Robustness to Workflow Accountability

As enterprises shift from static AI experimentation to autonomous agentic operations, traditional security perimeters are proving insufficient. Governance must evolve beyond the foundational layers of Model and Data to address the complexities of Layer 3: Workflow-level accountability. While Layer 1 ensures model robustness and Layer 2 governs data inputs and outputs, Layer 3 provides the mechanism to prove what an AI agent actually did, who authorized it, and what data it relied upon. Without this "Agentic Trust Layer," organizations lack the tamper-proof records required by regulators, auditors, and business partners to place AI at the core of critical operations.

The following table synthesizes the architectural shift from traditional point-solution security to a unified trust foundation:

Failing to adopt this framework creates a fundamental "trust gap" that threatens competitive standing. Organizations that cannot provide verifiable evidence of compliance risk being excluded from the emerging agentic economy. The Agentic Trust Layer is therefore the necessary architectural precondition for enterprise AI adoption at scale.

2. Universal Wallet Infrastructure (UWI): The Foundation of Digital Identity

The Universal Wallet Infrastructure (UWI) provides the strategic foundation for this framework, serving as an interoperable, enterprise-grade interaction layer. Rather than a closed platform, UWI is built on open standards (W3C, DID) to prevent vendor lock-in and ensure that diverse applications, wallets, and services can collaborate across organizational boundaries. This infrastructure is a realization of a strategic collaboration between three key partners: NTT DOCOMO GLOBAL (providing the trust infrastructure layer), Accenture (providing technology strategy and product engineering), and AWS (providing the scalable AI and cloud services required for production-grade deployment).

The core functional capabilities of UWI move governance from retrospective to real-time:

• Decentralized Identity (DID): Assigning unique, verifiable identifiers to people, systems, and AI agents to support cross-domain authentication.
• Verifiable Credentials (VC): Issuing tamper-evident digital credentials based on open standards that allow attributes to be independently verified.
• Policy-Based Access Control: Managing authorization and provenance in trust-sensitive, regulated environments.

UWI operates on three core pillars—Verify, Govern, and Audit—establishing a secure environment for AI-driven actions. By embedding these controls directly into the infrastructure, organizations can reliably manage digital identities and objects across complex workflows, starting with the software development lifecycle.

3. Transforming Software Supply Chain Governance: VC-SBOM and AI-SBOM

In AI-driven development, transparency in the software supply chain is no longer an afterthought; it is a strategic necessity. The integration of Verifiable Credentials into Software Bills of Materials (SBOMs) transforms them from static, reactive audit documents into real-time trust mechanisms. This dual-track approach addresses two orthogonal axes of governance:

1. VC-SBOM (Trust Mechanism Axis): A standard SBOM (CycloneDX/SPDX) signed and issued as a VC. This adds a layer of tamper detection, issuer authenticity attestation, and lifecycle/revocation management.
2. AI-SBOM (Recorded Content Axis): An extended SBOM that records specific metadata regarding the AI's involvement in code generation.

The AI-SBOM captures critical metadata to resolve the "origin of code" barrier:

• Instructor Information: Identification of the human user providing the instruction.
• Generating Agent Information: The specific DID and version of the AI agent.
• AI Model Information: Model name, version, and provider.
• Generation Context: Identifiers for referenced files and a recording of the prompt.

Architectural Note: Organizations must apply recording policies based on security requirements. For identity confirmation, hash-based prompt recording is sufficient; however, where retrospective review of content is required for compliance, full-text recording must be implemented. Unlike traditional SBOMs, which lack cryptographic proof of provenance, the Agentic Trust Layer ensures every code modification is cryptographically attested and verifiable.

4. Regulatory Alignment and Global Market Projections

Emerging global regulations are the primary drivers for trust infrastructure. The EU Cyber Resilience Act (CRA) and METI initiatives in Japan have established a clear "compliance cliff," with the main obligations of the EU CRA scheduled to apply from December 2027. Organizations unable to prove the integrity of their software supply chain by this deadline face significant market access risks.

As AI accelerates build frequencies, the market for verification transactions is projected to scale rapidly:

The implication is a projected doubling of transaction volume within two years. For stakeholders, delays in implementing a scalable trust layer represent a direct competitive risk. To meet these high-volume regulatory demands, technical implementation must prioritize serverless scalability and standardized verification flows.

5. Reference Architecture: Integrating UWI and Amazon Bedrock AgentCore

To realize the Agentic Trust Layer, the collaboration between NTT DOCOMO GLOBAL, Accenture, and AWS has produced a reference architecture designed for high-volume, low-latency trust transactions. This architecture utilizes the Strands Agents framework to build model-driven agents capable of seamless deployment.

The architecture centers on three Trust-Related Components within the Execution Environment:

1. Analyzer Agent: An orchestration agent operating on Amazon Bedrock AgentCore Runtime that executes security analysis triggered by code changes.
2. SBOM Generation Engine: A component that collects and structures data into CycloneDX/SPDX formats, managing both standard and AI-specific metadata tracks.
3. AgentCore Runtime: Provides serverless execution with session isolation for parallel processing and support for the long-running execution required for large codebase analysis.

Service Invocation Flow:

1. Trigger: A code modification in an IDE (e.g., Kiro) invokes the Analyzer Agent.
2. Orchestration: The AgentCore Gateway manages access to the UWI API and vulnerability databases (NVD/OSV), converting them into MCP-compatible tool calls.
3. Issuance: The SBOM Generation Engine sends the artifact to UWI for signing and VC construction.
4. Persistence: The signed VC-SBOM is stored in Amazon S3, utilizing S3 versioning to ensure tamper-resistant, historical record retention.

This serverless architecture ensures the scalability required to handle hundreds of millions of verification transactions while providing the observability needed for audit compliance.

6. Strategic Roadmap: From Software Development to Agentic Commerce

The design principles of the Agentic Trust Layer—collecting, structuring, and verifying data—are universal. The initial implementation in software development serves as a blueprint for other high-stakes domains requiring auditability, such as financial services and healthcare.

A critical extension is the Worker Credential use case. Here, professional certifications are issued as VCs, allowing hiring organizations to independently verify qualifications without direct issuer contact. This establishes the foundation for a Cross-Domain Trust Mechanism, governed by a Delegation Chain. In this model, a verifiable chain of instructions (e.g., Planner Agent → Coder Agent → Reviewer Agent) is preserved as a cryptographically signed record.

By utilizing common protocols like the Model Context Protocol (MCP) and W3C standards, agents from different domains can interact within a consistent governance framework. The Agentic Trust Layer provides the definitive framework for this future, ensuring that as AI agents become core business actors, their actions remain accountable, auditable, and fundamentally trustworthy.

SMBC Group Launches Agentic AI Venture to Pioneer Next-Generation Enterprise AI

Sumitomo Mitsui Financial Group (SMBC Group) will appoint Ahmed Jamil Mazhari to lead transformation initiatives aimed at accelerating group-wide AI strategy and integration. In partnership with Mazhari, SMFG will also establish a new agentic AI solutions company in Singapore, first serving SMBC Group as “customer zero” before expanding to the

Japan FinTech ObserverNorbert Gehrke